Symptoms:
When Identity Minder (IM) workflow is turned on, the application log may show one of the following error messages:
javax.naming.AuthenticationException: Login failed: com.ibm.websphere.security.auth.WSLoginFailedException: CWWIM4537E No principal is found from the 'IDM' principal name
Or
ERROR com.workpoint.monitor.support.AlertQueryThread - Unable to query alert instances due to RemoteException.java.rmi.RemoteException: CORBA OBJECT_NOT_EXIST
Environment:
Identity Minder R12.5
WebSphere 8.5
OS Windows 2008 SP2
Cause:
When installing IM on WebSphere, customers are advised to turn off the Global Security setting. After the installation completes successfully, some customers turn the Global Security setting back on to protect the WebSphere Admin Console. When workflow is enabled, WebSphere authenticates with the default “IDM” user and the password stored in the ra.xml file under <IBM WebSphere path>\AppServer\profiles\AppSrv01\installedApps\<cell name>\iam_im.ear\workflow.rar\META-INF.
Resolution:
1. Use pwdtools.bat or pwdtools.sh to encrypt the password value.
2. Create an IDM user in WebSphere that matches the above username and password.
3. Add the “IDM” user to the CORBA naming service users:
Click the Add button.
Add permissions to the user.
Note: make sure the Read, Write, Create, and Delete roles are all selected. Missing any one role will result in CORBA errors.
The attached file shows how the "IDM" user should look in the WebSphere Admin Console.
4. Save the change and restart WebSphere and the IM application.
5. View workflow and verify that the workflow processes are displayed properly.
6. Check SystemOut.log for any CORBA errors.
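One way to carry out the check in step 6, as an added example that is not part of the original article: the script scans SystemOut.log lines for the two error signatures quoted under Symptoms and points back to the resolution step to re-check. It assumes that the WSVR0001I ("open for e-business") message marks a completed restart, so only errors logged after the last restart are reported; the sample log lines are constructed.

```python
import re

# Error signatures quoted under Symptoms, mapped to the resolution step to re-check.
SIGNATURES = {
    "CWWIM4537E": (
        re.compile(r"CWWIM4537E No principal is found from the '([^']+)' principal name"),
        "step 2: the WebSphere user must match the ra.xml username and password"),
    "CORBA OBJECT_NOT_EXIST": (
        re.compile(r"CORBA OBJECT_NOT_EXIST"),
        "step 3: the user needs the Read, Write, Create and Delete roles"),
}
# Assumption: WSVR0001I ("open for e-business") marks a completed server start.
RESTART_MARKER = "WSVR0001I"

def scan(lines, restart_marker=RESTART_MARKER):
    """Return findings logged after the last restart marker (whole log if none)."""
    lines = list(lines)
    start = 0
    for i, line in enumerate(lines):
        if restart_marker in line:
            start = i + 1  # ignore errors that predate the most recent restart
    findings = []
    for lineno, line in enumerate(lines[start:], start=start + 1):
        for name, (pattern, hint) in SIGNATURES.items():
            m = pattern.search(line)
            if m:
                principal = m.group(1) if m.groups() else None
                findings.append({"line": lineno, "signature": name,
                                 "principal": principal, "hint": hint})
    return findings

# Constructed sample: one CORBA error before the last restart, one login failure after it.
SAMPLE_LOG = """\
[1/1/15 9:00:01:000 EST] 00000001 WsServerImpl  A   WSVR0001I: Server server1 open for e-business
[1/1/15 9:05:10:000 EST] 0000002a SystemOut     O ERROR com.workpoint.monitor.support.AlertQueryThread - Unable to query alert instances due to RemoteException.java.rmi.RemoteException: CORBA OBJECT_NOT_EXIST
[1/1/15 9:30:00:000 EST] 00000001 WsServerImpl  A   WSVR0001I: Server server1 open for e-business
[1/1/15 9:31:12:000 EST] 0000002b SystemOut     O javax.naming.AuthenticationException: Login failed: com.ibm.websphere.security.auth.WSLoginFailedException: CWWIM4537E No principal is found from the 'IDM' principal name
""".splitlines()

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f['line']}: {f['signature']} -> re-check {f['hint']}")
```

To run it against a real log, pass the lines of the file to scan(), for example scan(open(path, errors="replace")).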